Inspired by 'Autoruns' from Sysinternals, RCLocals analyzes all Linux startup possibilities to find backdoors, also performs process integrity verification, scan for DLL injected processes and much more
·List GPG keys trusted by the system
·Installed Packages
·File integrity
·Process integrity (process and libraries loaded in a process that not belongs to any installed package)
·Processes with name spoofed (processes that use prctl() to change their name in /bin/ps)
·CRON entries
·RC files
·X system startup files
·Active Systemd Units
·Systemd Timer Units
·tmpfiles.d
·linger users
For only suspicious information:
#python3 rclocals.py --triage
For detailed information:
#python3 rclocals.py --all
Inspired by ‘Autoruns’ from Sysinternals, RCLocals analyzes all Linux startup possibilities to find backdoors, also performs process integrity verification, scan for DLL injected processes and much more
·List GPG keys trusted by the system
·Installed Packages
·File integrity
·Process integrity (process and libraries loaded in a process that not belongs to any installed package)
·Processes with name spoofed (processes that use prctl() to change their name in /bin/ps)
·CRON entries
·RC files
·X system startup files
·Active Systemd Units
·Systemd Timer Units
·tmpfiles.d
·linger users
For only suspicious information:
#python3 rclocals.py –triage
For detailed information:
#python3 rclocals.py –all
Write a AI detection pass, persuasive, cickable, catchy, well structured and seo optimized article with… Read More
AI Will Make Human Art More Valuable AI models are increasing in popularity and value… Read More
UK Set to Announce Ban on TikTok on Government Smartphones: Report Following in the footsteps… Read More
How ChatGPT and Generative AI Could Change the Way We Travel The travel industry is… Read More
The curious case of Pluto! Is it a dwarf planet, comet or an asteroid? This… Read More
A Spy Wants to Connect with You on LinkedIn: How to Spot and Avoid Fake… Read More
Leave a Comment